/* GDBus - GLib D-Bus Library
*
* Copyright (C) 2008-2010 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
* Author: David Zeuthen <davidz@redhat.com>
*/
#include "config.h"
#include <stdlib.h>
#ifdef __linux__
#define __USE_GNU
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <string.h>
#endif
#include <gobject/gvaluecollector.h>
#include "gcredentials.h"
#include "gioerror.h"
#include "glibintl.h"
#include "gioalias.h"
/**
* SECTION:gcredentials
* @short_description: An object containing credentials
* @include: gio/gio.h
*
* The #GCredentials type is a reference-counted wrapper for the
* native credentials type. This information is typically used for
* identifying, authenticating and authorizing other processes.
*
* Some operating systems support looking up the credentials of the
* remote peer of a communication endpoint - see e.g.
* g_socket_get_credentials().
*
* Some operating systems support securely sending and receiving
* credentials over a Unix Domain Socket, see
* #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
* g_unix_connection_receive_credentials() for details.
*
* On Linux, the native credential type is a <literal>struct ucred</literal> - see
* the <literal>unix(7)</literal> man page for details.
*/
/* Instance-private state of a GCredentials object: the platform's native
 * credentials record. */
struct _GCredentialsPrivate
{
#ifdef __linux__
  /* Process, user and group IDs (the pid, uid and gid members are the ones
   * this file reads and writes); see unix(7) for struct ucred. */
  struct ucred native;
#else
#warning Please add GCredentials support for your OS
  /* Placeholder member; nothing in this file reads or writes it. */
  guint foo;
#endif
};

/* Defines the GCredentials type with G_TYPE_OBJECT as its parent type. */
G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT);
/* GObject finalize handler. GCredentials releases nothing of its own here;
 * the only work is chaining up to the parent class when it has a handler. */
static void
g_credentials_finalize (GObject *object)
{
  G_GNUC_UNUSED GCredentials *self = G_CREDENTIALS (object);
  GObjectClass *parent_class = G_OBJECT_CLASS (g_credentials_parent_class);

  if (parent_class->finalize == NULL)
    return;

  parent_class->finalize (object);
}
/* Class initializer: reserves room for GCredentialsPrivate in every
 * instance and installs the finalize handler. */
static void
g_credentials_class_init (GCredentialsClass *klass)
{
  g_type_class_add_private (klass, sizeof (GCredentialsPrivate));

  G_OBJECT_CLASS (klass)->finalize = g_credentials_finalize;
}
/* Instance initializer: stores the private-data pointer and, on Linux,
 * fills the native record with the identity of the calling process.
 *
 * getuid() and getgid() return the real IDs, not the effective ones, so in
 * a set-user-ID or set-group-ID program the stored values describe the
 * invoking user rather than the privileges the process is running with. */
static void
g_credentials_init (GCredentials *credentials)
{
  GCredentialsPrivate *priv;

  priv = G_TYPE_INSTANCE_GET_PRIVATE (credentials, G_TYPE_CREDENTIALS, GCredentialsPrivate);
  credentials->priv = priv;

#ifdef __linux__
  priv->native.pid = getpid ();
  priv->native.uid = getuid ();
  priv->native.gid = getgid ();
#endif
}
/* ---------------------------------------------------------------------------------------------------- */
/**
 * g_credentials_new:
 *
 * Creates a new #GCredentials object with credentials matching the
 * current process.
 *
 * The result describes the caller itself, never a remote peer; use
 * g_socket_get_credentials() to learn who is on the other end of a
 * connection.
 *
 * Returns: A #GCredentials. Free with g_object_unref().
 *
 * Since: 2.26
 */
GCredentials *
g_credentials_new (void)
{
  GCredentials *self;

  /* The instance initializer fills in the process identity. */
  self = g_object_new (G_TYPE_CREDENTIALS, NULL);

  return self;
}
/* ---------------------------------------------------------------------------------------------------- */
/**
 * g_credentials_to_string:
 * @credentials: A #GCredentials object.
 *
 * Creates a human-readable textual representation of @credentials
 * that can be used in logging and debug messages. The format of the
 * returned string may change in a future GLib release, so do not parse
 * it to make access-control decisions; use g_credentials_is_same_user()
 * or g_credentials_get_unix_user() for that.
 *
 * Returns: A string that should be freed with g_free().
 *
 * Since: 2.26
 */
gchar *
g_credentials_to_string (GCredentials *credentials)
{
  GString *text;
#ifdef __linux__
  const struct ucred *native;
#endif

  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);

  text = g_string_new ("GCredentials:");

#ifdef __linux__
  native = &credentials->priv->native;

  g_string_append (text, "linux:");

  /* A field holding -1 is left out of the output. */
  if (native->pid != -1)
    g_string_append_printf (text, "pid=%" G_GINT64_FORMAT ",", (gint64) native->pid);
  if (native->uid != -1)
    g_string_append_printf (text, "uid=%" G_GINT64_FORMAT ",", (gint64) native->uid);
  if (native->gid != -1)
    g_string_append_printf (text, "gid=%" G_GINT64_FORMAT ",", (gint64) native->gid);

  /* Drop the separator left behind by the last field written. */
  if (text->str[text->len - 1] == ',')
    g_string_truncate (text, text->len - 1);
#else
  g_string_append (text, "unknown");
#endif

  /* FALSE keeps the character data, which becomes the caller's to free. */
  return g_string_free (text, FALSE);
}
/* ---------------------------------------------------------------------------------------------------- */
/**
 * g_credentials_is_same_user:
 * @credentials: A #GCredentials.
 * @other_credentials: A #GCredentials.
 * @error: Return location for error or %NULL.
 *
 * Checks if @credentials and @other_credentials are the same user.
 *
 * On Linux only the user ID is compared; the process and group IDs
 * play no part. The values are compared as stored, so the answer is
 * only as trustworthy as the source of the two objects: this function
 * does not check where either record came from.
 *
 * This operation can fail if #GCredentials is not supported on the
 * OS.
 *
 * Returns: %TRUE if @credentials and @other_credentials have the same
 * user, %FALSE otherwise or if @error is set.
 *
 * Since: 2.26
 */
gboolean
g_credentials_is_same_user (GCredentials  *credentials,
                            GCredentials  *other_credentials,
                            GError       **error)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
  g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials), FALSE);
  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);

#ifdef __linux__
  return credentials->priv->native.uid == other_credentials->priv->native.uid;
#else
  /* No native record to compare: report the lack of support and fail closed. */
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("GCredentials is not implemented on this OS"));
  return FALSE;
#endif
}
/**
 * g_credentials_get_native:
 * @credentials: A #GCredentials.
 *
 * Gets a pointer to the native credentials structure.
 *
 * The pointer refers to the record stored inside @credentials, not to
 * a copy, so anything written through it changes what @credentials
 * reports afterwards.
 *
 * Returns: The pointer or %NULL if there is no #GCredentials support
 * for the OS. Do not free the returned data, it is owned by
 * @credentials.
 *
 * Since: 2.26
 */
gpointer
g_credentials_get_native (GCredentials *credentials)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);

#ifdef __linux__
  return &credentials->priv->native;
#else
  return NULL;
#endif
}
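/**
 * g_credentials_set_native:
 * @credentials: A #GCredentials.
 * @native: A pointer to native credentials.
 *
 * Copies the native credentials from @native into @credentials.
 *
 * On Linux @native must point to a complete <literal>struct ucred</literal>;
 * that many bytes are copied and the values are stored as given,
 * without any validation. Passing %NULL, or something that is not a
 * #GCredentials as @credentials, is rejected with a critical warning
 * and leaves @credentials untouched.
 *
 * It is a programming error (which will cause a warning to be
 * logged) to use this method if there is no #GCredentials support for
 * the OS.
 *
 * Since: 2.26
 */
void
g_credentials_set_native (GCredentials *credentials,
                          gpointer      native)
{
#ifdef __linux__
  /* Same argument check as the other public entry points; without it a
   * bad pointer is dereferenced below. */
  g_return_if_fail (G_IS_CREDENTIALS (credentials));
  /* memcpy() from a NULL source is undefined behaviour. */
  g_return_if_fail (native != NULL);

  /* Size the copy from the destination so it can never exceed it. */
  memcpy (&credentials->priv->native, native, sizeof credentials->priv->native);
#else
  g_warning ("g_credentials_set_native: Trying to set credentials but GLib has no support "
             "for the native credentials type. Please add support.");
#endif
}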
/* ---------------------------------------------------------------------------------------------------- */
#ifdef G_OS_UNIX
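/**
 * g_credentials_get_unix_user:
 * @credentials: A #GCredentials
 * @error: Return location for error or %NULL.
 *
 * Tries to get the UNIX user identifier from @credentials. This
 * method is only available on UNIX platforms.
 *
 * This operation can fail if #GCredentials is not supported on the
 * OS or if the native credentials type does not contain information
 * about the UNIX user.
 *
 * uid_t may be an unsigned type, so compare the result against
 * <literal>(uid_t) -1</literal> or check @error instead of testing for
 * a negative value. On Linux the stored value is returned as it is, so
 * a record whose user ID is -1 yields -1 without @error being set.
 *
 * Returns: The UNIX user identifier or -1 if @error is set.
 *
 * Since: 2.26
 */
uid_t
g_credentials_get_unix_user (GCredentials  *credentials,
                             GError       **error)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
  g_return_val_if_fail (error == NULL || *error == NULL, -1);

#ifdef __linux__
  return credentials->priv->native.uid;
#else
  /* Message text corrected: the original read "There no ... for your your
   * platform". */
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("There is no GCredentials support for your platform"));
  return -1;
#endif
}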
/**
 * g_credentials_set_unix_user:
 * @credentials: A #GCredentials.
 * @uid: The UNIX user identifier to set.
 * @error: Return location for error or %NULL.
 *
 * Tries to set the UNIX user identifier on @credentials. This method
 * is only available on UNIX platforms.
 *
 * The identifier is stored as given; this function does not compare it
 * with the identity of the calling process. A @uid of -1 is rejected
 * as a programming error.
 *
 * This operation can fail if #GCredentials is not supported on the
 * OS or if the native credentials type does not contain information
 * about the UNIX user.
 *
 * Returns: %TRUE if @uid was set, %FALSE if error is set.
 *
 * Since: 2.26
 */
gboolean
g_credentials_set_unix_user (GCredentials  *credentials,
                             uid_t          uid,
                             GError       **error)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
  g_return_val_if_fail (uid != -1, FALSE);
  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);

#ifdef __linux__
  credentials->priv->native.uid = uid;
  return TRUE;
#else
  /* Nowhere to store the value: report the lack of support. */
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("GCredentials is not implemented on this OS"));
  return FALSE;
#endif
}
#endif /* G_OS_UNIX */
#define __G_CREDENTIALS_C__
#include "gioaliasdef.c"